X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fusers%2Findex.ts;h=7761ba6020c10ae941bd283c1019498d4bfb3909;hb=5a921e7b74910414626bfc9672b857e987e3ebed;hp=be800e8b5d5e0a9589883ad70de9a323df1fa3cd;hpb=171efc48e67498406feb6d7873b3482b41505515;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index be800e8b5..7761ba602 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts @@ -1,13 +1,10 @@ -import * as express from 'express' -import * as RateLimit from 'express-rate-limit' +import express from 'express' import { tokensRouter } from '@server/controllers/api/users/token' import { Hooks } from '@server/lib/plugins/hooks' import { OAuthTokenModel } from '@server/models/oauth/oauth-token' -import { MUser, MUserAccountDefault } from '@server/types/models' -import { UserCreate, UserCreateResult, UserRight, UserRole, UserUpdate } from '../../../../shared' -import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' -import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' -import { UserRegister } from '../../../../shared/models/users/user-register.model' +import { MUserAccountDefault } from '@server/types/models' +import { pick } from '@shared/core-utils' +import { HttpStatusCode, UserCreate, UserCreateResult, UserRegister, UserRight, UserUpdate } from '@shared/models' import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' import { logger } from '../../../helpers/logger' import { generateRandomString, getFormattedObjects } from '../../../helpers/utils' @@ -17,11 +14,13 @@ import { sequelizeTypescript } from '../../../initializers/database' import { Emailer } from '../../../lib/emailer' import { Notifier } from '../../../lib/notifier' import { Redis } from '../../../lib/redis' -import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user' +import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user' import { + adminUsersSortValidator, asyncMiddleware, asyncRetryTransactionMiddleware, authenticate, + buildRateLimiter, ensureUserHasRight, ensureUserRegistrationAllowed, ensureUserRegistrationAllowedForIP, @@ -34,7 +33,6 @@ import { usersListValidator, usersRegisterValidator, usersRemoveValidator, - usersSortValidator, usersUpdateValidator } from '../../../middlewares' import { @@ -56,13 +54,13 @@ import { myVideoPlaylistsRouter } from './my-video-playlists' const auditLogger = auditLoggerFactory('users') -const signupRateLimiter = RateLimit({ +const signupRateLimiter = buildRateLimiter({ windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS, max: CONFIG.RATES_LIMIT.SIGNUP.MAX, skipFailedRequests: true }) -const askSendEmailLimiter = RateLimit({ +const askSendEmailLimiter = buildRateLimiter({ windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS, max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX }) @@ -86,7 +84,7 @@ usersRouter.get('/', authenticate, ensureUserHasRight(UserRight.MANAGE_USERS), paginationValidator, - usersSortValidator, + adminUsersSortValidator, setDefaultSort, setDefaultPagination, usersListValidator, @@ -178,17 +176,11 @@ export { async function createUser (req: express.Request, res: express.Response) { const body: UserCreate = req.body - const userToCreate = new UserModel({ - username: body.username, - password: body.password, - email: body.email, - nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY, - autoPlayVideo: true, - role: body.role, - videoQuota: body.videoQuota, - videoQuotaDaily: body.videoQuotaDaily, - adminFlags: body.adminFlags || UserAdminFlag.NONE - }) as MUser + const userToCreate = buildUser({ + ...pick(body, [ 'username', 'password', 'email', 'role', 'videoQuota', 'videoQuotaDaily', 'adminFlags' ]), + + emailVerified: null + }) // NB: due to the validator usersAddValidator, password==='' can only be true if we can send the mail. const createPassword = userToCreate.password === '' @@ -209,10 +201,10 @@ async function createUser (req: express.Request, res: express.Response) { logger.info('Sending to user %s a create password email', body.username) const verificationString = await Redis.Instance.setCreatePasswordVerificationString(user.id) const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString - await Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url) + Emailer.Instance.addPasswordCreateEmailJob(userToCreate.username, user.email, url) } - Hooks.runAction('action:api.user.created', { body, user, account, videoChannel }) + Hooks.runAction('action:api.user.created', { body, user, account, videoChannel, req, res }) return res.json({ user: { @@ -227,20 +219,14 @@ async function createUser (req: express.Request, res: express.Response) { async function registerUser (req: express.Request, res: express.Response) { const body: UserRegister = req.body - const userToCreate = new UserModel({ - username: body.username, - password: body.password, - email: body.email, - nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY, - autoPlayVideo: true, - role: UserRole.USER, - videoQuota: CONFIG.USER.VIDEO_QUOTA, - videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY, + const userToCreate = buildUser({ + ...pick(body, [ 'username', 'password', 'email' ]), + emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null }) const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({ - userToCreate: userToCreate, + userToCreate, userDisplayName: body.displayName || undefined, channelNames: body.channel }) @@ -254,7 +240,7 @@ async function registerUser (req: express.Request, res: express.Response) { Notifier.Instance.notifyOnNewUserRegistration(user) - Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel }) + Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res }) return res.type('json').status(HttpStatusCode.NO_CONTENT_204).end() } @@ -264,7 +250,7 @@ async function unblockUser (req: express.Request, res: express.Response) { await changeUserBlock(res, user, false) - Hooks.runAction('action:api.user.unblocked', { user }) + Hooks.runAction('action:api.user.unblocked', { user, req, res }) return res.status(HttpStatusCode.NO_CONTENT_204).end() } @@ -275,7 +261,7 @@ async function blockUser (req: express.Request, res: express.Response) { await changeUserBlock(res, user, true, reason) - Hooks.runAction('action:api.user.blocked', { user }) + Hooks.runAction('action:api.user.blocked', { user, req, res }) return res.status(HttpStatusCode.NO_CONTENT_204).end() } @@ -291,7 +277,7 @@ async function autocompleteUsers (req: express.Request, res: express.Response) { } async function listUsers (req: express.Request, res: express.Response) { - const resultList = await UserModel.listForApi({ + const resultList = await UserModel.listForAdminApi({ start: req.query.start, count: req.query.count, sort: req.query.sort, @@ -312,7 +298,7 @@ async function removeUser (req: express.Request, res: express.Response) { await user.destroy({ transaction: t }) }) - Hooks.runAction('action:api.user.deleted', { user }) + Hooks.runAction('action:api.user.deleted', { user, req, res }) return res.status(HttpStatusCode.NO_CONTENT_204).end() } @@ -345,7 +331,7 @@ async function updateUser (req: express.Request, res: express.Response) { auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView) - Hooks.runAction('action:api.user.updated', { user }) + Hooks.runAction('action:api.user.updated', { user, req, res }) // Don't need to send this update to followers, these attributes are not federated